Contents

Argon2

Argon2 is a new hash function, which summarizes the state of the art in the design of memory-hard functions. It is a streamlined and simple design. It aims at the highest memory filling rate and effective use of multiple computing units, while still
providing defense against tradeoff attacks. Argon2 is optimized for the x86 architecture and exploits the cache and memory organization of the recent Intel and AMD processors.

Modes

Argon2 has one primary variant: Argon2id, and two supplementary variants: Argon2d and
Argon2i. Argon2d uses data-depending memory
access, which makes it suitable for cryptocurrencies and
proof-of-work applications with no threats from side-channel
timing attacks. Argon2i uses data-independent memory access,
which is preferred for password hashing and password-based key
derivation. Argon2id works as Argon2i for the first half of the first iteration over the
memory, and as Argon2d for the rest, thus providing both side-channel attack protection and
brute-force cost savings due to time-memory tradeoffs. Argon2i makes more passes over the
memory to protect from tradeoff attacks.